Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview).
The new WebAuthentication as implemented supports USB-based CTAP2 devices.
Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
British Telecom will not use Huawei’s 5G kit within the core of the network due to security concerns.
Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger’s attack.
The research with a name “The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations” also includes a TLS 1.3 downgrade attack.
Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an “encryption”. Author was probably identified because he registered domain to his own name.
It looks like 13 years old Virut botnet is resurrected in the wild.
Great blog on how guy scammed the scammer to send him photo of his ID.
Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
A User Data of the question-and-answer website Quora were compromised.
The records of 500 million customers of the Marriott International hotel group were compromised.
Interesting revisited paper: “From Keys to Databases – Real-World Applications of Secure Multi-Party Computation.”
GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.